repo-public.gpg expired today

Posted: Sat Jul 25, 2020 5:05 pm
by GregO1778
Just ran into an issue when trying to update:

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/release/2.4 jessie InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>

Looks like the key expired today:

apt-key list | grep -A 1 expired
Warning: apt-key output should not be parsed (stdout is not a terminal)
pub rsa2048 2011-08-03 [SC] [expired: 2020-07-25]
30EB F4E7 3CCE 63EE E124 DD27 8E6D A8B4 E158 C569
uid [ expired] Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>

Is there an updated pgp key yet?

I did follow the steps here but it pulls the same key:
https://community.openvpn.net/openvpn/w ... twareRepos
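
Added example, not part of the original posts: a shell function that reads GnuPG's machine-readable `--with-colons` key listing, rather than the `apt-key list` text the warning above says should not be parsed, and reports keys that are expired or close to expiry. The sample listing is constructed; only the key ID, fingerprint and the expiry timestamp 1595684909 come from this thread, and the `gpg` invocation in the comment assumes a GnuPG 2.x build that supports `--show-keys`.

```shell
#!/usr/bin/env bash
# Added example: classify OpenPGP keys by expiry from a `gpg --with-colons`
# listing. In that format field 1 is the record type, field 5 the key ID and
# field 7 the expiry time in seconds since the epoch (empty = never expires).

# Constructed sample listing. Key ID, fingerprint and expiry 1595684909 are
# taken from the thread; every other value and the other keys are made up.
SAMPLE_LISTING='pub:e:2048:1:8E6DA8B4E158C569:1312329600:1595684909::-:::sc:
fpr:::::::::30EBF4E73CCE63EEE124DD278E6DA8B4E158C569:
uid:e::::1312329600::::constructed sample uid:
pub:-:4096:1:0123456789ABCDEF:1500000000:1597000000::-:::sc:
pub:-:4096:1:1111111111111111:1500000000:::-:::sc:
pub:-:4096:1:2222222222222222:1500000000:1700000000::-:::sc:'

# check_key_expiry NOW_EPOCH WARN_DAYS   (colon listing on stdin)
# Prints one line per primary key or subkey: "<keyid> <status> <expiry|->"
check_key_expiry() {
  local now="$1" warn_days="$2"
  awk -F: -v now="$now" -v warn="$((warn_days * 86400))" '
    $1 == "pub" || $1 == "sub" {
      expiry = $7
      if (expiry == "")                status = "NO_EXPIRY"
      else if (expiry + 0 <= now + 0)  status = "EXPIRED"
      else if (expiry - now <= warn)   status = "EXPIRING_SOON"
      else                             status = "OK"
      print $5, status, (expiry == "" ? "-" : expiry)
    }'
}

# Evaluate the sample as of 2020-07-25 18:00 UTC with a 30-day warning window.
# Live use (the key file path is a placeholder):
#   gpg --show-keys --with-colons /path/to/repo-public.gpg \
#     | check_key_expiry "$(date +%s)" 30
printf '%s\n' "$SAMPLE_LISTING" | check_key_expiry 1595700000 30
```

Run against a freshly downloaded key file before importing it, the same check shows whether the published key still carries the old expiry date.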

Re: repo-public.gpg expired today

Posted: Sat Jul 25, 2020 6:49 pm
by TinCanTech
Thanks for the heads-up.

OpenVPN repo keys expired

Posted: Sun Jul 26, 2020 5:17 am
by robinl
The keys on my ubuntu server expired. The openvpn repo can't be updated:
pub 2048R/E158C569 2011-08-03 [expired: 2020-07-25]
uid Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Failed to fetch https://build.openvpn.net/debian/openvp ... /InRelease The following signatures were invalid: KEYEXPIRED 1595684909 KEYEXPIRED 1595684909 KEYEXPIRED 1595684909
I tried to follow the community guide to update the keys but it still says it's expired:
sudo apt-key adv --keyserver keys.gnupg.net --recv-keys E158C569

debian repo key expired

Posted: Sun Jul 26, 2020 9:03 pm
by kl1mov
Hi. Key was expired. Fix this please.

Expired Key

Posted: Mon Jul 27, 2020 7:00 am
by johnruiz
Hi,

My key for the OpenVPN Ubuntu repository has expired.

I have followed the instructions in this page: https://community.openvpn.net/openvpn/w ... b_wGZb8dtA and added the key successfully.

However, when I run apt-get update, I receive the following error:
W: Failed to fetch http://build.openvpn.net/debian/openvpn ... /InRelease The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>

Thanks!

Re: Expired Key

Posted: Mon Jul 27, 2020 10:34 am
by robinl
Same, there are already 2 topics opened about this. Mine got merged with another one without notice...
Also, it's a bit worrying to see that keys always expire, it happened a few years ago.
Isn't there a way to automate renewal?

Re: repo-public.gpg expired today

Posted: Mon Jul 27, 2020 10:36 am
by robinl
Already 4 topics opened about this, the others are in Forum & Website Support section.

I'm not sure why this is still not addressed... it's a pretty big deal since we won't get any update, unattended or not, until the keys are updated.
Isn't it a security issue?

Re: repo-public.gpg expired today

Posted: Mon Jul 27, 2020 11:15 am
by TinCanTech
It will be fixed when Samuli can fix it. Until then .....

EXPKEYSIG

Posted: Mon Jul 27, 2020 5:00 pm
by arktex54
My request has been rightly added to "repo-public.gpg expired today" thread.
Hi. I have run the following commands and still get invalid signatures.

Debian 10.4
4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux

apt-key del 30EBF4E73CCE63EEE124DD278E6DA8B4E158C569
apt-key del 8E6DA8B4E158C569
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
root@pi:~# apt update
Err:6 http://build.openvpn.net/debian/openvpn/stable buster InRelease
  The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>

root@pi:~# openvpn --version
OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

GPG Key Expired

Posted: Tue Jul 28, 2020 12:42 am
by embarkadero
I believe the GPG key is expired and may need to be updated. I already tried deleting the key via

apt-key del E158C569 && wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
as indicated in https://community.openvpn.net/openvpn/w ... twareRepos to no avail. For reference, I'm on Ubuntu 16.04.

Re: repo-public.gpg expired today

Posted: Tue Jul 28, 2020 5:00 am
by robinl
TinCanTech wrote:
Mon Jul 27, 2020 11:15 am
It will be fixed when Samuli can fix it. Until then .....
Fair enough, and he probably has other things to do.

But I'm just curious to know why this isn't automated and/or why this isn't a priority. Case might be that there is a vulnerability in a version of openvpn and we wouldn't be able to update through apt or to have a proper unattended server because of the key expiry.
It might not be the case today but it might become a security issue one day...

And because there is no announcement, people keep on creating topics: in off-topic (actually I don't see why it's off topic), in Forum & Website Support.
I don't see why it's not in Server Administration.

Re: repo-public.gpg expired today

Posted: Tue Jul 28, 2020 6:57 am
by Pippin
Keys are updated:
viewtopic.php?f=20&t=30710

Expired Key

Posted: Tue Jul 28, 2020 2:03 pm
by ruslanp
I cannot update OpenVPN from the Debian/Ubuntu repo (https://community.openvpn.net/openvpn/w ... twareRepos):

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/stable bionic InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>

The signature was expired on 2020-07-25.

Please advise

Re: Expired Key

Posted: Tue Jul 28, 2020 2:11 pm
by ruslanp
Found the solution viewtopic.php?f=20&t=30710